Sign-up

ID

VAR-201701-0402


CVE

CVE-2016-3150


TITLE

plural Barco ClickShare Device product firmware Base Unit of wallpaper.php Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-006880

DESCRIPTION

Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Barco ClickShare is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. A remote attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and gain access to sensitive information, which may aid in launching further attacks. Versions prior to Barco ClickShare 01.09.03, 01.06.02 and 01.03.02 are vulnerable. Barco ClickShare CSC-1 is a wireless presentation system from Barco, Belgium. Base Unit is one of the basic integration kits. The following devices are affected: Barco ClickShare CSC-1 devices with firmware prior to 01.09.03; CSM-1 devices with firmware prior to 01.06.02; CSE-200 devices with firmware prior to 01.03.02. A Path Traversal vulnerability exists within Barco ClickShare's wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system. CVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update Affected versions: all versions prior to v01.09.03 (CSC-1) It is possible to download and extract the firmware image of the CSC-1 and obtain the root password. The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance. References: http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009 http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113 https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008 -- Regards, Vincent Ruijter Ethical Hacker Chief Information Security Office KPN B.V

Trust: 2.07

sources: NVD: CVE-2016-3150 // JVNDB: JVNDB-2016-006880 // BID: 94330 // VULHUB: VHN-91969 // PACKETSTORM: 139713

AFFECTED PRODUCTS

vendor:barcomodel:clickshare csc-1scope:lteversion:01.09.05.02

Trust: 1.0

vendor:barcomodel:clickshare cse-200scope:lteversion:01.09.02.05

Trust: 1.0

vendor:barcomodel:clickshare csc-1scope: - version: -

Trust: 0.8

vendor:barcomodel:clickshare csc-1scope:ltversion:01.09.03

Trust: 0.8

vendor:barcomodel:clickshare cse-200scope: - version: -

Trust: 0.8

vendor:barcomodel:clickshare cse-200scope:ltversion:01.03.02

Trust: 0.8

vendor:barcomodel:clickshare csm-1scope: - version: -

Trust: 0.8

vendor:barcomodel:clickshare csm-1scope:ltversion:01.06.02

Trust: 0.8

vendor:barcomodel:clickshare csc-1scope:eqversion:01.09.05.02

Trust: 0.6

vendor:barcomodel:clickshare cse-200scope:eqversion:01.09.02.05

Trust: 0.6

vendor:barcomodel:clicksharescope:eqversion:1.9.2

Trust: 0.3

vendor:barcomodel:clicksharescope:eqversion:1.6.1

Trust: 0.3

vendor:barcomodel:clicksharescope:eqversion:1.3.1

Trust: 0.3

vendor:barcomodel:clicksharescope:neversion:1.9.3

Trust: 0.3

vendor:barcomodel:clicksharescope:neversion:1.6.2

Trust: 0.3

vendor:barcomodel:clicksharescope:neversion:1.3.2

Trust: 0.3

sources: BID: 94330 // JVNDB: JVNDB-2016-006880 // CNNVD: CNNVD-201611-538 // NVD: CVE-2016-3150

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-3150
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-3150
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201611-538
value: MEDIUM

Trust: 0.6

VULHUB: VHN-91969
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-3150
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-91969
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-3150
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-91969 // JVNDB: JVNDB-2016-006880 // CNNVD: CNNVD-201611-538 // NVD: CVE-2016-3150

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-91969 // JVNDB: JVNDB-2016-006880 // NVD: CVE-2016-3150

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 139713 // CNNVD: CNNVD-201611-538

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201611-538

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-006880

PATCH
title:Update your ClickShare firmwareurl:https://www.barco.com/en/page/update-your-clickshare-firmware
Trust: 0.8
title:Barco ClickShare Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65873
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-006880 // 
            
            
            
            CNNVD: CNNVD-201611-538

EXTERNAL IDS
db:NVDid:CVE-2016-3150
Trust: 2.9
db:PACKETSTORMid:139713
Trust: 2.6
db:BIDid:94330
Trust: 2.0
db:JVNDBid:JVNDB-2016-006880
Trust: 0.8
db:CNNVDid:CNNVD-201611-538
Trust: 0.7
db:VULHUBid:VHN-91969
Trust: 0.1
sources:
            
            
            VULHUB: VHN-91969 // 
            
            
            
            BID: 94330 // 
            
            
            
            JVNDB: JVNDB-2016-006880 // 
            
            
            
            PACKETSTORM: 139713 // 
            
            
            
            CNNVD: CNNVD-201611-538 // 
            
            
            
            NVD: CVE-2016-3150

REFERENCES
url:http://packetstormsecurity.com/files/139713/barco-clickshare-xss-remote-code-execution-path-traversal.html
Trust: 2.5
url:http://www.securityfocus.com/bid/94330
Trust: 1.7
url:http://www.securityfocus.com/archive/1/539754/100/0/threaded
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3150
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3150
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/539754/100/0/threaded
Trust: 0.6
url:https://www.barco.com/en/clickshare
Trust: 0.3
url:http://seclists.org/bugtraq/2016/nov/49
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-3149
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-3151
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-3152
Trust: 0.1
url:http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050037&rev=001001000113
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-3150
Trust: 0.1
url:http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=r33050020&rev=001002000009
Trust: 0.1
url:https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=r33050070&rev=001001000008
Trust: 0.1
sources:
            
            
            VULHUB: VHN-91969 // 
            
            
            
            BID: 94330 // 
            
            
            
            JVNDB: JVNDB-2016-006880 // 
            
            
            
            PACKETSTORM: 139713 // 
            
            
            
            CNNVD: CNNVD-201611-538 // 
            
            
            
            NVD: CVE-2016-3150

CREDITS
Vincent Ruijter
Trust: 1.0
sources:
            
            
            BID: 94330 // 
            
            
            
            PACKETSTORM: 139713 // 
            
            
            
            CNNVD: CNNVD-201611-538

SOURCES
db:VULHUBid:VHN-91969
db:BIDid:94330
db:JVNDBid:JVNDB-2016-006880
db:PACKETSTORMid:139713
db:CNNVDid:CNNVD-201611-538
db:NVDid:CVE-2016-3150

LAST UPDATE DATE
2025-04-20T23:13:23.813000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-91969date:2018-10-09T00:00:00
db:BIDid:94330date:2016-11-24T01:10:00
db:JVNDBid:JVNDB-2016-006880date:2017-01-27T00:00:00
db:CNNVDid:CNNVD-201611-538date:2017-01-13T00:00:00
db:NVDid:CVE-2016-3150date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-91969date:2017-01-12T00:00:00
db:BIDid:94330date:2016-11-14T00:00:00
db:JVNDBid:JVNDB-2016-006880date:2017-01-27T00:00:00
db:PACKETSTORMid:139713date:2016-11-14T17:07:07
db:CNNVDid:CNNVD-201611-538date:2016-11-25T00:00:00
db:NVDid:CVE-2016-3150date:2017-01-12T23:59:00.307